With Honey Encryption, when hackers try to decrypt a secure database, they won’t know if they’ve correctly guessed the encryption key. Normally, an incorrect guess would return a garbled mess. But with Honey Encryption, an incorrect guess will return a fake, but legitimate-looking database that is based in part on the database dumps from previous security breaches.

Right now, Juels is using Honey Encryption to create a fake password vault generator for password managers. While password managers may help users create complex and unique passwords for individual accounts, users often use weak master passwords because they frequently have to type them in. As a result, password managers are frequently the target of attackers.

To build the fake password vault generator, Juels is taking advantage of previous security breaches, using collections from previously hacked password managers and from other services.